Information for build unbound-1.16.2-5.oc8.6

ID21740
Package Nameunbound
Version1.16.2
Release5.oc8.6
Epoch
Sourcegit+https://gitee.com/src-opencloudos-rpms/unbound.git#71ddc5402c3d82093291e724bbfab52705a2365f
SummaryValidating, recursive, and caching DNS(SEC) resolver
DescriptionUnbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible.
Built byoc-bot
State complete
Volume DEFAULT
StartedThu, 11 Apr 2024 18:57:12 CST
CompletedThu, 11 Apr 2024 18:58:59 CST
Taskbuild (dist-oc8, /src-opencloudos-rpms/unbound.git:71ddc5402c3d82093291e724bbfab52705a2365f)
Extra{'source': {'original_url': 'git+https://gitee.com/src-opencloudos-rpms/unbound.git#71ddc5402c3d82093291e724bbfab52705a2365f'}}
Tags
dist-oc8
dist-oc8-compose
RPMs
src
unbound-1.16.2-5.oc8.6.src.rpm (info) (download)
aarch64
python3-unbound-1.16.2-5.oc8.6.aarch64.rpm (info) (download)
unbound-1.16.2-5.oc8.6.aarch64.rpm (info) (download)
unbound-devel-1.16.2-5.oc8.6.aarch64.rpm (info) (download)
unbound-libs-1.16.2-5.oc8.6.aarch64.rpm (info) (download)
python3-unbound-debuginfo-1.16.2-5.oc8.6.aarch64.rpm (info) (download)
unbound-debuginfo-1.16.2-5.oc8.6.aarch64.rpm (info) (download)
unbound-debugsource-1.16.2-5.oc8.6.aarch64.rpm (info) (download)
unbound-libs-debuginfo-1.16.2-5.oc8.6.aarch64.rpm (info) (download)
x86_64
python3-unbound-1.16.2-5.oc8.6.x86_64.rpm (info) (download)
unbound-1.16.2-5.oc8.6.x86_64.rpm (info) (download)
unbound-devel-1.16.2-5.oc8.6.x86_64.rpm (info) (download)
unbound-libs-1.16.2-5.oc8.6.x86_64.rpm (info) (download)
python3-unbound-debuginfo-1.16.2-5.oc8.6.x86_64.rpm (info) (download)
unbound-debuginfo-1.16.2-5.oc8.6.x86_64.rpm (info) (download)
unbound-debugsource-1.16.2-5.oc8.6.x86_64.rpm (info) (download)
unbound-libs-debuginfo-1.16.2-5.oc8.6.x86_64.rpm (info) (download)
Logs
x86_64
root.log
build.log
installed_pkgs.log
state.log
hw_info.log
mock_output.log
aarch64
state.log
installed_pkgs.log
build.log
root.log
hw_info.log
mock_output.log
Changelog * Wed Apr 03 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.6 - Rebuilt again with z-stream target * Wed Apr 03 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.5 - Correct typo in new config file * Mon Mar 11 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.4 - Ensure group access correction reaches also updated configs (CVE-2024-1488) * Wed Feb 28 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.3 - Ensure only unbound group can change configuration (CVE-2024-1488) * Mon Feb 19 2024 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-5.2 - Fix wrong entry in changelog - Resolves: RHEL-25634 * Fri Feb 16 2024 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-5.1 - Fix KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 - Fix Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868 - Resolves: RHEL-25660 - Resolves: RHEL-25634 * Sat Oct 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-5 - Stop creating wrong devel manual pages (#2135322) * Sat Oct 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-4 - Apply correctly previous change (CVE-2022-3204) * Tue Oct 11 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-3 - Fix NRDelegation attack leading to uncontrolled resource consumption (CVE-2022-3204) * Tue Aug 09 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-2 - Require openssl tool for unbound-keygen (#2018806) * Wed Aug 03 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-1 - Update to 1.16.2 (#2027735) * Wed Jun 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-2 - Restart keygen service before every unbound start (#1959468) * Wed Jun 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1 - Upgrade to 9.16.0 (#2027735) - Update to recent version with compatibility with RHEL8 (#2027735) - Ensure also source level compatibility with previous version * Thu May 19 2022 Richard Lescak <rlescak@gmail.com> - 1.7.3-18 - Change file mode before owner when configuring remote control unix socket to avoid AVC denials - Resolves: rhbz#2038251 * Mon Apr 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-17 - Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux - Resolves: rhbz#1830625 * Tue Apr 06 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-16 - Don't start unbound-anchor before unbound service if DISABLE_UNBOUND_ANCHOR environment variable equals to "yes" - Resolves: rhbz#1922448 * Tue Sep 01 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-15 - Fix SPEC file to not check md5 mtime and size of /var/lib/unbound/root.key - Resolves: rhbz#1714175 - Use system-wide crypto policy setting (PROFILE=SYSTEM) instead of custom setting - Resolves: rhbz#1842837 - Enable additional logging in unbound - Resolves: rhbz#1850460 - security hardening from x41 report - Resolves: rhbz#1859933 - symbolic link traversal when writing PID file - Resolves: rhbz#1899058 * Thu May 28 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-14 - Fix unbound-1.7.3-amplifying-an-incoming-query.patch patch - Resolves: rhbz#1839178 (CVE-2020-12662) * Mon May 25 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-13 - Fix two previous patches and add missing patch lines to %prep - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839178 (CVE-2020-12662) * Tue Apr 21 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-12 - Remove KSK-2010 from configuration files - Resolves: rhbz#1665502 - Replace legacy directory /var/run/ with /run - Resolves: rhbz#1766463 - Resolves: rhbz#1805978 - Fix memory leak when DNS over TLS forwarding is configured - Resolves: rhbz#1819870 * Thu Apr 16 2020 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-11 - Resolves bz1818761. unbound crash fixed. * Tue Dec 10 2019 Tomas Korbar <tkorbar@redhat.com> - 1.7.3-10 - Secure ipsec mode (#1772061) - CVE-2019-18934 * Tue Dec 10 2019 Tomas Korbar <tkorbar@redhat.com> - 1.7.3-9 - Use pthread_mutex_t locks when dealing with I/O operations (#1775708) * Tue Jul 31 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-8 - Release memory in unbound-host * Mon Jul 23 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-7 - Remove unused Group tag * Wed Jul 18 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-6 - Cleanup generated client and server keys (#1601773) * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Mon Jul 09 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-4 - Do not call ldconfig if possible * Wed Jul 04 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-3 - Update trust anchors also behind firewall (#1598078) * Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1.7.3-2 - Rebuilt for Python 3.7 * Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-1 - Update to 1.7.3 (#1593708) * Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 1.7.2-3 - Remove last python2 dependency from python3 build * Mon Jun 25 2018 Tomas Hozza <thozza@redhat.com> - 1.7.0-6 - Disable Python2 support * Mon Apr 09 2018 Petr Menšík <pemensik@redhat.com> - 1.7.0-5 - Require gcc and make on build - Remove group, simplify systemd requires - Simplify building with single python version, make python3 primary * Mon Apr 09 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-4 - Patch for prefetching after flushing cache * Fri Apr 06 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-3 - Patch for referral with auth-zone: response * Wed Mar 21 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-2 - Patch for broken Aggressive NSEC + stub-zone configuration causing NXDOMAIN at TTL expiry * Thu Mar 15 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-1 - Updated to 1.7.0 (aggressive nsec, local root support, bugfixes) * Thu Feb 22 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-6 - Uncomment again original max-upd-size * Wed Feb 21 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-5 - Use default RPM build flags and configure parameters (#1539097) * Wed Feb 21 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-4 - Remove group writable bit from some config files (#1528445) * Wed Feb 14 2018 Filipe Rosset <rosset.filipe@gmail.com> - 1.6.8-3 - rebuilt due new libevent 2.1.8 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.6.8-2 - Escape macros in %changelog * Mon Jan 22 2018 Paul Wouters <pwouters@redhat.com> - 1.6.8-1 - Resolves rhbz#1483572 unbound-1.6.8 is available - Resolves rhbz#1507049 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records - Resolves rhbz#1536518 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records [fedora-all] * Sun Dec 17 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.6.7-2 - Python 2 binary package renamed to python2-unbound See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 * Thu Oct 12 2017 Paul Wouters <pwouters@redhat.com> - 1.6.7-1 - Updated to 1.6.7 (minor bugfixes) * Tue Oct 03 2017 Petr Menšík <pemensik@redhat.com> - 1.6.6-3 - Update icannbundle.pem * Mon Oct 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-2 - Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics * Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1 - Resolves: rhbz#1483572 unbound-1.6.6 is available - Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit) * Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4 - Rebuilt with KSK2017 added to root.key and root.anchor - Remove noreplace for root key files. We can only improve these files over local copies * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sun Jul 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-1 - Updated to 1.6.4 full release, patch to allow missing ipsechook - Resolves rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook * Thu Jun 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-0.rc2 - Update to 1.6.4 (esubnet, ipsecmod support, bugfixes) * Tue Jun 13 2017 Paul Wouters <pwouters@redhat.com> - 1.6.3-1 - Updated to 1.6.3 (fixes assertion failure when receiving malformed packet with 0x20 enabled) * Thu Jun 08 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-2 - Patch for cmd: unbound-control set_option val-permissive-mode: yes * Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1 - Update to 1.6.2 (rhbz#1425649) - Updated unbound.conf with new options * Wed Mar 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-6 - Call make unbound-event-install to install unbound-event.h * Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Wed Jan 18 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-4 - Remove obsoleted DLV key * Mon Jan 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-3 - Actually remove dependency because minimum is always satisfied * Mon Jan 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-2 - Depend on openssl-libs, not opensl * Wed Dec 21 2016 Kevin Fenzi <kevin@scrye.com> - 1.6.0-1 - Update to 1.6.0 * Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.5.10-3 - Rebuild for Python 3.6 * Wed Oct 26 2016 Ilya Evseev <evseev.i@cdnnow.ru> - 1.5.10-2 - Bugfix building without python2 and python3 - Fixup streamtcp build (Paul) * Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1 - Updated to 1.5.10 (better TCP handling, bugfixes) - Install pkgconfig file in -devel package - Updated unbound.conf * Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.9-4 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages * Thu Jul 07 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-3 - Fix upper port range to 60999 because that's what selinux allows * Thu Jun 16 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-2 - Patch for allowing more queries before failure (needed for query minimalization) * Mon Jun 13 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-1 - Updated to 1.5.9 * Thu Apr 21 2016 Toshio Kuratomi <toshio@fedoraproject.org> - 1.5.8-2 - Fix streamtcp to link against libpython3.x instead of libpython2.x * Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1 - Update to 1.5.8 (rhbz#1313831) which incorporates rhbz#1294339 patch - Updated unbound.conf with new upstream options - Enabled ip-transparent: yes (see rhbz#1291449) * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Thu Jan 21 2016 Tomas Hozza <thozza@redhat.com> - 1.5.7-2 - Fix escaping of shell chars in unbound-control-setup (#1294339) * Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1 - Update to 1.5.7 - Enable query minimalization for enhanced DNS query privacy - Enable nxdomain hardening to assist with query minimalization and SBLs - Updated default unbound.conf for new features from upstream. * Fri Nov 13 2015 Tomas Hozza <thozza@redhat.com> - 1.5.6-1 - Update to 1.5.6 (#1176729) * Wed Nov 04 2015 Robert Kuska <rkuska@redhat.com> - 1.5.5-2 - Rebuilt for Python3.5 rebuild * Wed Oct 07 2015 Tomas Hozza <thozza@redhat.com> - 1.5.5-1 - New upstream release 1.5.5 (#1269137) - Removed the anchor update from %post section of -libs subpackage (#1269137#c2) * Tue Sep 15 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-5 - Removed dependency and ordering on unbound-anchor.service in unbound.service * Thu Sep 03 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-4 - Prefer Python3 build over Python2 build for now (#1254566) * Mon Jul 20 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-3 - Added ExecReload section to unbound.service (#1195785) - Removed After syslog.target since it is not needed any more * Thu Jul 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-2 - Start unbound-anchor.timer only on new installations - Rename root.anchor to root.key in %post section * Tue Jul 14 2015 Paul Wouters <pwouters@redhat.com> - 1.5.4-1 - Update to 1.5.4 - Removed patches merged into upstream * Tue Jun 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-8 - Revert: Use low maximum negative cache TTL (5 sec) (#1229596) * Mon Jun 15 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-7 - Add option for maximum negative cache TTL (#1229599) - Use low maximum negative cache TTL (5 sec) (#1229596) * Tue May 26 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-6 - Removed usage of DLV from the default configuration (#1223363) * Wed May 13 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-5 - unbound.service now Wants unbound-anchor.timer - unbound-anchor man page moved to the unbound-libs * Mon May 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-4 - Fixup scriptlets causing systemctl: command not found - Resolves rhbz#1219587 Error in PREIN scriptlet in rpm package unbound-libs * Mon Apr 27 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-3 - migrate cronjob to systemd timer unit (#1177285) - change the period for unbound-anchor from monthly to daily (#1180267) - Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch * Thu Apr 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-2 - Fix FTBFS (#1206129) - Build python3-unbound and python-unbound bindings for Python 3 and 2 (#1188080) * Mon Mar 16 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-1 - Updated to 1.5.3 which is a bugfix on 1.5.2 for sighup handling - Updated to 1.5.2 which fixes DNSSEC validation with different trust anchors upstream, local-zone has a new keyword 'inform' * Mon Feb 02 2015 Paul Wouters <pwouters@redhat.com> - 1.5.1-4 - Build with --enable-ecdsa * Sun Feb 01 2015 Paul Wouters <pwouters@redhat.com> - 1.5.1-3 - Fix post to create root.anchor, not root.key, to match cron job * Tue Dec 09 2014 Paul Wouters <pwouters@redhat.com> - 1.5.1-2 - Change systemd-units to systemd - Use _tmpfilesdir macro, don't mark tmpfiles as config * Tue Dec 09 2014 Paul Wouters <pwouters@redhat.com> - 1.5.1-1 - Update to 1.5.1 for CVE-2014-8602 (rhbz#1172066) - Removed unbound-aarch64.patch which was merged upstream - Don't require autotools for non snapshots or run autoreconf * Fri Nov 28 2014 Tomas Hozza <thozza@redhat.com> - 1.5.1-0.1.rc1 - update to 1.5.1rc1 * Fri Nov 28 2014 Marcin Juszkiewicz <mjuszkiewicz@redhat.com> - 1.5.0-3 - fix build on aarch64 * Wed Nov 26 2014 Tomas Hozza <thozza@redhat.com> - 1.5.0-2 - Fix race condition in arc4random (#1166878) * Wed Nov 19 2014 Tomas Hozza <thozza@redhat.com> - 1.5.0-1 - update to 1.5.0 * Wed Sep 24 2014 Pavel Šimerda <psimerda@redhat.com> - 1.4.22-6 - Resolves: #1115489 - build with python 3.x for fedora >= 22 * Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 1.4.22-5 - Rebuild for rpm bug 1131960 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2 - Added flushcache patch (SVN commit 3125) * Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1 - Updated to 1.4.22 - No longer requires the ldns library * Thu Jan 16 2014 Tomas Hozza <thozza@redhat.com> - 1.4.21-3 - Fix segfault on adding insecure forward zone when using only iterator (#1054192) * Mon Oct 21 2013 Tomas Hozza <thozza@redhat.com> - 1.4.21-2 - run test suite during the build * Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1 - Updated to 1.4.21, - Enabled new max-udp-size: 3072 (so ANY isc.org won't fit) - Removed patched merged in by upstream - Enable statistics-cumulative for munin-plugin - Added outgoing-port-avoid: 0-32767 conformant to SElinux restrictions - Updated unbound.conf * Mon Aug 26 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-19 - Fix errors found by static analysis of source * Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-18 - Change unbound.conf to only use ephemeral ports (32768-65535) * Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.20-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jul 22 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-16 - provide man page for unbound-streamtcp * Mon Jul 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-15 - Re-introduce hardening flags for full relro and pie - Fixes compilation failure for python module * Wed Jul 03 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-14 - remove missing unbound-rootkey.service from post/preun/postun sections - don't hardcode hardening flags, let hardened build macro handles it * Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13 - Run unbound-anchor as user unbound in unbound.service * Tue May 28 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-12 - Enable round-robin (with noths() patch) - Change cron and systemd service to use root.key, not root.anchor * Sat May 25 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-10 - Use /var/lib/unbound/root.key (more consistent with other distros) - Enable minimal responses * Mon Apr 22 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-8 - Refix * Fri Apr 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-7 - Fix runuser call in post. * Tue Apr 16 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-6 - /var/lib/unbound should be owned by unbound. group write is not enough * Fri Apr 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-5 - Fix cron job syntax (rhbz#951725) - Use install -p to prevent .rpmnew files that are identical to originals * Mon Apr 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-4 - Updated to 1.4.20 - Build with full RELRO (not use -z,relro but with -z,relo,-z,now) - Fixup man page for unbound-control-setup - unbound.service should start before nss-lookup.target (rhbz#919955) - Removed patch for rhbz#888759 merged in upstream - Move root.anchor to /var/lib/unbound to make selinux policy easier for updating (rhbz#896599/rhbz#891008) - Move cronjob for root.anchor from unbound to unbound-libs, require crontabs - /etc/unbound (and all) should be owned by unbound-libs (rhbz#909691) - Remove Obsolete/Provides for dnssec-conf which was last seen in f13 - Ensure any unbound-anchor failure in post is ignored * Tue Mar 05 2013 Adam Tkac <atkac redhat com> - 1.4.19-5 - build with full RELRO - symlink unbound-control-setup.8 manpage to unbound-control.8 * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Dec 12 2012 Paul Wouters <pwouters@redhat.com> - 1.4.19-3 - Updated to 1.4.19 - this integrates all existing patches - Patch for unbound-anchor (rhbz#888759) * Fri Nov 09 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-6 - Patch to ensure stube-zone's aren't lost when using dnssec-triggerd - added unbound-munin.README file * Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-5 - Patch to allow wildcards in include: statements - Add directories /etc/unbound/keys.d,conf.d,local.d with example entries - Added /etc/unbound/root.anchor, maintained by unbound-anchor which is installed as monthly cron and PreExec in systemd config (root.key is unused, but left installed in case people depend on it) - Native systemd (simple) and /etc/sysconfig/unbound support - Run unbound-checkconf in PreExec - Moved trust anchor related files to unbound-libs, as they can be used without the daemon. - sub packages now depends on base package of same arch - Build munin package as noarch - unbound-anchor moved to unbound-libs package. It is needed to update the root.anchor key file. * Tue Sep 04 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-3 - Fix openssl thread locking bug under high query load * Thu Aug 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-2 - Use new systemd-rpm macros (rhbz#850351) - Clean up old obsoleted dnssec-conf from < fedora 15 * Fri Aug 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-1 - Updated to 1.4.18 (FIPS related fixes mostly) - Removed patches that were merged in upstream - Added comment to root.key * Mon Jul 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-5 - Fix for unbound crasher (upstream bug #452) - Support libunbound functions in man pages and place in -devel * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.17-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Tue Jul 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-3 - unbound FIPS patches for MD5,randomness (rhbz#835106) * Fri Jun 15 2012 Adam Tkac <atkac redhat com> - 1.4.17-2 - don't build unbound-munin on RHEL * Thu May 24 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-1 - Updated to 1.4.17 (which mostly brings in patches we already applied from svn trunk) * Wed Feb 29 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-3 - Since the daemon links to the libs staticly, add Requires: (this is rhbz#745288) - Package up streamtcp as unbound-streamtcp (for monitoring) * Mon Feb 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2 - Don't ghost the directory (rhbz#788805) - Patch for unbound to support unbound-control forward_zone (needed for openswan in XAUTH mode) * Thu Feb 02 2012 Paul Wouters <paul@nohats.ca> - 1.4.16-1 - Upgraded to 1.4.16, which was relesed due to the soname and some DNSSEC validation failures * Wed Feb 01 2012 Paul Wouters <paul@nohats.ca> - 1.4.15-2 - Patch for SONAME version (libtool's -version-number vs -version-info) * Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1 - Upgraded to 1.4.15 - Updated unbound.conf to show how to configure listening on tls443 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1 - Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659 - SSL-wrapped query support for dnssec-trigger - EDNS handling changes - Removed integrated EDNS patches - Disabled use-caps-for-id, GoDaddy domains now break on it - Enabled new harden-below-nxdomain * Thu Sep 15 2011 Paul Wouters <paul@xelerance.com> - 1.4.13-1 - Upgraded to 1.4.13 - Removed merged in pythonmod patch - Added EDNS1480 patch to fix unbound on broken EDNS/UDP networks - Fix python to go into sitearch instead of sitelib * Wed Sep 14 2011 Tom Callaway <spot@fedoraproject.org> - 1.4.12-4 - convert to systemd, tmpfiles.d * Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-3 - Added pythonmod docs and examples * Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-2 - Fix for python module load in the server (Tom Hendrikx) - No longer enable --enable-debug as it causes degraded performance under load. * Mon Jul 18 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-1 - Updated to 1.4.12 * Sun Jul 03 2011 Paul Wouters <paul@xelerance.com> - 1.4.11-1 - Updated to 1.4.11 - removed integrated CVE patch - updated stock unbound.conf for new options introduced * Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.10-1 - Added ghost for /var/run/unbound (bz#656710) * Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-3 - rebuilt * Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2 - Applied patch for CVE-2011-1922 DoS vulnerability * Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-1 - Updated to 1.4.9 * Sat Feb 12 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-2 - rebuilt * Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1 - Updated to 1.4.8 - Enable root key for DNSSEC - Fix unbound-munin to use proper file (could cause excessive logging) - Build unbound-python per default - Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl * Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-4 - Revert last build - it was on the wrong branch * Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-3 - Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines (see comments in inbound.conf) * Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-2 - Bump release - forgot to upload the new tar ball. * Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-1 - Upgraded to 1.4.5 * Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-2 - Added accidentally omitted svn patches to cvs * Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-1 - Upgraded to 1.4.4 with svn patches - Obsolete dnssec-conf to ensure it is de-installed * Thu Mar 11 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1 - Update to 1.4.3 that fixes 64bit crasher * Tue Mar 09 2010 Paul Wouters <paul@xelerance.com> - 1.4.2-1 - Updated to 1.4.2 - Updated unbound.conf with new options - Enabled pre-fetching DNSKEY records (DNSSEC speedup) - Enabled re-fetching popular records before they expire - Enabled logging of DNSSEC validation errors * Mon Mar 01 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-5 - Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues with pthreads * Wed Feb 24 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-3 - Change make/configure lines to attempt to fix -lphtread linking issue * Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2 - Removed dependancy for dnssec-conf - Added ISC DLV key (formerly in dnssec-conf) - Fixup old DLV locations in unbound.conf file via %post - Fix parent child disagreement handling and no-ipv6 present [svn r1953] * Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-1 - Updated to 1.4.1 - Changed %define to %global * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2 - Bump version * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-1 - Upgraded to 1.3.4. Security fix with validating NSEC3 records * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2 - rebuilt with new openssl * Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1 - Updated to 1.3.3 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2 - Added missing glob patch to cvs - Place python macros within the %with_python check * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1 - Updated to 1.3.0 - Added unbound-python sub package. disabled for now - Patch from svn to fix DLV lookups - Patches from svn to detect wrong truncated response from BIND 9.6.1 with minimal-responses) - Added Default-Start and Default-Stop to unbound.init - Re-enabled --enable-sha2 - Re-enabled glob.patch * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7 - unbound-iterator.patch was not commited * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6 - Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793 * Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5 - Use --nocheck to avoid giving an error on missing unbound-remote certs/keys * Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4 - enable DNSSEC only if it is enabled in sysconfig/dnssec * Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3 - add DNSSEC support to initscript and enabled it per default - add requires dnssec-conf * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1 - updated to 1.2.1 * Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2 - rebuild with new openssl * Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1 - Updated to 1.2.0 - Added dependancy on minimum SSL for CVE-2008-5077 - Added dependancy on bc for unbound-munin - Added minimum requirement of libevent 1.4.5. Crashes with older versions (note: libevent is stale in EL-4 and not in EL-5, needs fixing there) - Removed dependancy on selinux-policy (will get used when available) - Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt - Enable unwanted-reply-threshold to mitigate against a Kaminsky attack - Enable val-clean-additional to drop addition unsigned data from signed response. - Removed patches (got merged into upstream) * Mon Jan 05 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7 - Modified scandir patch to silently fail when wildcard matches nothing - Patch to allow unbound-checkconf to find empty wildcard matches * Mon Jan 05 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6 - Added scandir patch for trusted-keys-file: option, which is used to load multiple dnssec keys in bind file format * Mon Dec 08 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4 - Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules. * Mon Dec 01 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3 - We did not own the /etc/unbound directory (#474020) - Fixed cvs anomalies * Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2 - removed all obsolete chroot related stuff - label control certs after generation correctly * Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1 - Updated to unbound 1.1.1 which fixes a crasher and addresses nlnetlabs bug #219 * Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3 - Remove the chroot, obsoleted by SElinux - Add additional munin plugin links supported by unbound plugin - Move configuration directory from /var/lib/unbound to /etc/unbound - Modified unbound.init and unbound.conf to account for chroot changes - Updated unbound.conf with new available options - Enabled dns-0x20 protection per default * Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2 - unbound-1.1.0-log_open.patch - make sure log is opened before chroot call - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 - removed /dev/log and /var/run/unbound and /etc/resolv.conf from chroot, not needed - don't mount files in chroot, it causes problems during updates - fixed typo in default config file * Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1 - Updated to version 1.1.0 - Updated unbound.conf's statistics options and remote-control to work properly for munin - Added unbound-munin package - Generate unbound remote-control key/certs on first startup - Required ldns is now 1.4.0 * Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5 - Only call ldconfig in -libs package - Move configure into build section - devel subpackage should only depend on libs subpackage * Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4 - Fix CFLAGS getting lost in build - Don't enable interface-automatic:yes because that causes unbound to listen on 0.0.0.0 instead of 127.0.0.1 * Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3 - Split off unbound-libs, make build verbose * Thu Oct 09 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2 - FSB compliance, chroot fixes, initscript fixes * Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1 - Upgraded to 1.0.2 * Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1 - upgraded to new release * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2 - Build against ldns-1.3.0 * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1 - Split of -devel package, fixed dependancies, make rpmlint happy * Fri Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12 - Using parts from ports collection entry by Jaap Akkerhuis. - Using Fedoraproject wiki guidelines. * Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11 - Initial version.